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A2 Statement of responsibility 


Disclaimer 


This report (“Report”) was prepared by Mazars LLP at the request of the Information Commissioner’s Office (ICO) and terms for the preparation and scope of the Report have been agreed with 
them. The matters raised in this Report are only those which came to our attention during our internal audit work. Whilst every care has been taken to ensure that the information provided in this 
Report is as accurate as possible, Internal Audit have only been able to base findings on the information and documentation provided and consequently no complete guarantee can be given that this 
Report is necessarily a comprehensive statement of all the weaknesses that exist, or of all the improvements that may be required. 


The Report was prepared solely for the use and benefit the ICO and to the fullest extent permitted by law Mazars LLP accepts no responsibility and disclaims all liability to any third party who 
purports to use or rely for any reason whatsoever on the Report, its contents, conclusions, any extract, reinterpretation, amendment and/or modification. Accordingly, any reliance placed on the 
Report, its contents, conclusions, any extract, reinterpretation, amendment and/or modification by any third party is entirely at their own risk. Please refer to the Statement of Responsibility in 
Appendix A3 of this report for further information about responsibilities, limitations and confidentiality. 


01 Summary 


The purpose of this report is to provide an update to the Audit Committee on the progress of the Internal Audit Strategy for the year ending 31 March 2021. In 
Section 02, we have provided a summary of our work to date, including the status and timing of each audit. 


Appendix A2 includes a summary of Mazars recent publications. 
02 Current progress in 2020/21 


Plan overview 


a ae ELOLE 


Auditable Area Audit start date Assurance Level pi | Pe | Po 


Fees and Income 6 July 2020 Final report z = 2 


E of the Business Planning 10 August 2020 Final report Adequate N 5 : 


HR Core Controls 3 August 2020 Final report Adequate = 2 3 
Stakeholder Management 21 September 2020 Final report 2 2 = 


Business Continuity and Disaster 25 January 2021 
Fieldwork 

Recovery 

High Priority Cases 9 November 2020 Draft report 

Information Governance 2 December 2020 Fieldwork 

Investigations and Enforcement 8 February 2021 Planning 

Follow Up January 2021 Fieldwork 
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Mazars publications 


Mazars has a number of publications and recorded webinars available on our insights webpage https:/Awww.mazars.co.uk/Home/Insights 


Risk in the Boardroom Survey 


Mazars in collaboration with Board Agenda and INSEAD has surveyed how boards maintain oversight of, and ultimate control over, risk in their 
companies. 


We have asked C-suite executives and non-executives — including chairs, chief executives and group finance directors — about their preparedness for a 
pandemic in the wake of the Covid-19 crisis. At the same time, we have gauged their changing attitude to risk and their views of the wider current risk 
environment. The findings are revealing. 


Survey Results 


The survey reveals almost 60% of firms have revisited their strategy, and highlights a lack of board knowledge about key risks—including cyber security & 


climate change. Almost 60% of companies are reviewing their business strategy as a result of the pandemic, whilst 43% of senior business leaders say 


Covid-19 is a fundamental threat to their organisations, according to new risk research. 


Covid-19 insights include: 


Boards are split evenly on whether or not they have a crisis management committee. Those that do not have a committee say that crisis management 
is either a matter for the whole board, the executive, business continuity group or specially convened “Cobra” teams. 

Only 55% are able to say they were prepared for a pandemic, though a resounding 96% say their controls and processes have performed well during 
the crisis. 

Eight out of ten are confident their response to the crisis has been clearly defined, communicated and monitored. 

Some 43% believe the pandemic is a fundamental threat to their organisation. 

Nearly six out of ten are reviewing their business strategy in response to the crisis, while a similar number are working on their post-pandemic 
strategy. 


Risk management insights include: 


Seven out of ten believe their board is sufficiently skilled to address all the risks in its market sector. 

Nearly three-quarters have experienced unexpected and unanticipated risks during the past five years, while almost nine out of ten believe they are 
facing more risks than five years ago. 

Half have changed the diversity of board membership to strengthen risk management challenges. 

Only half receive all the information required to consider all the risks faced by the organisation, with senior management and personal knowledge 
ranking as the most important sources of information. 

Regulation, compliance and financial risks are at the top of the board’s risk agenda, followed by reputation and cyber risks, with climate change at the 
bottom of the list. 


The full survey report is available on our website https:/Awww.mazars.co.uk/Home/Insights/Publications/Risk-in-the-Boardroom-Survey 
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A2 Statement of responsibility 
We take responsibility to ICO for this report which is prepared on the basis of the limitations set out below. 


The responsibility for designing and maintaining a sound system of internal control and the prevention and detection of fraud and other irregularities rests with 
management, with internal audit providing a service to management to enable them to achieve this objective. Specifically, we assess the adequacy and 
effectiveness of the system of internal control arrangements implemented by management and perform sample testing on those controls in the period under 
review with a view to providing an opinion on the extent to which risks in this area are managed. 


We plan our work in order to ensure that we have a reasonable expectation of detecting significant control weaknesses. However, our procedures alone should 
not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify any circumstances of fraud or irregularity. Even sound 
systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. 


The matters raised in this report are only those which came to our attention during the course of our work and are not necessarily a comprehensive statement 
of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact 
before they are implemented. The performance of our work is not and should not be taken as a substitute for management’s responsibilities for the application 
of sound management practices. 


This report is confidential and must not be disclosed to any third party or reproduced in whole or in part without our prior written consent. To the fullest extent 
permitted by law Mazars LLP accepts no responsibility and disclaims all liability to any third party who purports to use or rely for any reason whatsoever on the 
Report, its contents, conclusions, any extract, reinterpretation amendment and/or modification by any third party is entirely at their own risk. 
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Contacts 


Peter Cudlip 
Partner, Mazars 
peter.cudlip@mazars.co.uk 


Darren Jones 
Manager, Mazars 
darren.jones@mazars.co.uk 


Mazars is an internationally integrated partnership, specialising in audit, accountancy, advisory, tax and legal services*. Operating in over 90 countries and 
territories around the world, we draw on the expertise of 40,400 professionals — 24,400 in Mazars’ integrated partnership and 16,000 via the Mazars North 
America Alliance — to assist clients of all sizes at every stage in their development. 


“where permitted under applicable country laws. 


www.mazars.co.uk 
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